If you only listen to a single bit of advice from your fellow readers, let that advice be the importance of separate and non-administrative user accounts. Grant writes:

I have two boys, now 8 and 10, who have been using the computer since age 2. I set them up on Linux (Debian first, now Ubuntu) with a limited rights account. They can only make a mess of their own area. Worst case, empty their home directory and let them start over. I have to install software for them, but they can’t break the machine without causing physical damage (hammers, water, etc.)

My wife was on Windows, and I was on Debian, and before they had their own, they knew they could only use my computer, and only logged in as themselves. All accounts were password protected, so that was easy to enforce.

Security Essentials for anti-virus, with Malwarebytes free to back it up.

CCleaner set to automatically wipe everything every night.

Ninite Pro or Ninite Updater to keep everything up to date.

Remove IE and set Chrome as default. Install Adblock.

DO NOT install Flash, Java, or Reader. Use SumatraPDF or Chrome’s built-in PDF viewer.

Set a task to reboot the computer every night so Windows updates get installed.

Pain in the neck, but it works well. Or just skip all this crap and get a Mac.

Tek9 offers advice on setting up a computer but also cautions that the biggest investment is time and teaching:

For Kids, I recommend Qimo (off-shoot of ubuntu) designed with pre-planned packages for education and entertainment centered on kids.

In a windows environment, backup policy is the best thing you can do to protect your users. I have my grandmother set up on CrashPlan to sync to one of my storage locations that will keep her documents etc.. backed up within reasonable time frame. Use a disk image utility if possible occasionally so you can back up the entire system in the event of catostrophe. Other than that, I let her make mistakes and learn from them.

If you’re dealing with kids and the internet, I highly recommend learning and understanding Group Policy and how to lock things down with that. WinLock is also a good alternative to easily disable some things and create custom Start Menus for the children.

OpenDNS for URL filtering. Can be applied at the router level or the computer level depending on your need. Combine that with Group Policy to lock them out of making changes to the DNS settings on the computer and you’re good to go.

Probably the number #1 thing to realize is this: If you’re helping a novice user get started, be prepared to dedicate a lot of time in large and small chunks to that person. If you don’t like them that much, don’t start the process and abandon them at it. There will be times when you want to push them to resolve a problem on their own, but the majority of it is teaching and hand holding.

Jason Fitzpatrick is a warranty-voiding DIYer who spends his days cracking opening cases and wrestling with code so you don't have to. If it can be modded, optimized, repurposed, or torn apart for fun he's interested (and probably already at the workbench taking it apart). You can follow him on Twitter if you'd like.

Comments (15)

I’m not sure about the not installing Flash or Java from AG. Are they vulnerabilities? Yes, but every piece of software is a potential vulnerability point. With so many things going to the web these days. And in my experience, so many learning sites and kid friendly sites relying on Flash at least for interaction it’s almost a necessity for my kids. My daughter goes on starfall.com to work on her Phonics skills and it’s almost exclusively Flash. Definitely a user/admin preference at that point. Though I do have them locked down so that the only place they *can* go is to that website, so the vulnerability factor is almost nil unless that one site gets a virus.

I totally stand with not necessarily installing Adobe Reader though, it’s just bloat at this point. Sumatra is definitely one of the leading slimmed down readers available.

I’m big on kid safety online and parents knowing and controlling what their kids are exposed to. And when you have a novice computer user, they might as well be a kid in regards to these scenarios. It’s a weighty investment up front to learn how to protect yourself and others online, but it pays back in dividends your entire life. What is it, an ounce of prevention is worth 10 pounds of cure, or something along those lines.

I used to install Java just in case they might need it, but not any more. Java should not be installed unless the user is using OpenOffice or some other program that requires it. And the Java browser plugin should be disabled in any case. Almost no Web sites require it.

Adobe Reader should be replaced by one of the free third party PDF readers. At the very least, it should be regularly updated – which PatchMyPC will do.

If you really want a pretty problem-proof system (although no system is proof against idiots), install openSUSE Linux. Then you don’t need any of that stuff. Just make sure they run updates regularly.

And yes, Macs are more secure than Windows. Not by much, but enough to make a difference in the probability of being infected by malware.

But the real solution is education. You have to teach people not to click on everything, to read the dialog boxes they’re shown, and not to do stupid stuff. This is the hardest thing. There ARE people out there who simply shouldn’t be using a computer. Period. I’ve had a client who got infected literally every week! I told to install Linux and go away…

Or just boot up a VM in full screen and roll back to a simple but secure and functional point after each use – just one click to restore, no worrying about malware and no messing around disabling access to certain softwares or setting up tasks. Teach children but let them learn to break things and fix things for themselves too…

AG mentioned installing Google Chrome which includes Adobe Flash baked directly into the browser. The beauty of this awesome browser is that it regularly updates the included Flash and runs it in sandbox mode.

There is no need to download and install the standalone Adobe Flash software.

@Richard: The only way Macs are more secure, virus-wise, is that there are less viruses written for them. Due to the long standing (and false) belief that Macs are virus-proof, there are less antivirus programs for them, and the ones that do exist aren’t supported as well as their windows counterparts.

He didn’t say “get a mac” because it’s necessarily more secure (though it is). He said it because they are more idiotproof.

I do tech support. The vast majority of my problems are with users on WIndows. Moving people to Macs (more and more are buying them) has dramatically reduced my support calls. When my 86-year old grandfather made the move to Mac, calls still came in, but inevitably by the time I called him back, he’d fixed the issue.

Further, whether you like it or not, the hardware is BETTER. Those solid aluminum bodies means there’s less flex on the internals: the average lifespan of our Thinkpads is half what I’m getting on the MacBooks.

So, between easier upkeep, longer lifespan, significantly higher user satisfaction and essentially a wash in terms of price, the Mac’s a helluva buy.

And, lookitthat, it IS more secure. For whatever series of reasons you wish to put forth, it is more secure. Nothing’s wholly secure (remember the big Samba hole in your linux box?) — but it’s better for the average idiot to be on a Mac online than on a PC.

I know this has little to do with the topic, but some people seem to think that Macs are somehow better and base their opinion on some misguided belief that Macs are somehow more secure. That’s simply not true! Macs are simply less of a target.

Saying that Macs are somehow “safer” is like saying the Great Lakes don’t have as many dangerous fish as the Pacific Ocean and therefore are safer. That belief is simply imbecilic. Cause if you are out in the middle of either body of water and caught up in a storm where your boat sinks you are still just as dead.

But what’s really alarming in that analogy is that Mac owners almost never know a darn thing about their own boat. Now who’s safe?!